How do you recognise a scam email?

Scam emails aren’t going away, and unless you stay vigilant, there’s a chance you might get caught. How do you spot a scam?

We all see lots of emails in the course of a regular day, so it can be easy to have all those emails blur together and become one.

But even if something seems normal, it’s always worth it to totally read through the text to find out whether it’s the real deal, because scammers aren’t out to play, and are going after the real thing.

The end game for cyber criminals is your details and your money, with the goal being information that can make them a profit, be it from your own wealth or information they can sell. This makes it even more worthwhile for you to check and read everything, and know what you need to look for.

Read the sender’s name and email address

One of the first places to check for an obvious phishing attempt isn’t so much the sender’s name, but rather the email address.

This is one area most scammers won’t do much about, and so will work with the idea that it’s the one place you’d never check.

While both the name and address easily faked, it’s really only the name where people go to check. So check the email that’s been sent to you and see whether it goes hand in hand with the actual text of the email.

Email scams often feature strange sender names and addresses
Email scams often feature strange sender names and addresses, like this one which came from what appeared to be an MYOB automated invoice, but was in fact a scam with odd details.

Look for spelling errors

Scam emails don’t usually get it right, and that means you can expect a spelling error here and there.

Sometimes, the spelling error is part of the deception, such as adding an extra letter to a domain to try and fool you, but other times, it’s simply because the criminal isn’t necessarily the best at written English.

Spelling errors aren’t the be-all end-all for picking up on scams, but they can be very telling, so read everything on an email that arouses suspicion, and question everything. Subject, text, and everything else.

Hover over the links, but don’t click

Most scam emails will come with a link of some kind. That’s basically how phishing works, casting a net with a dodgy link, hoping you don’t pay any attention, clicking, and entering details at a website design to look the same, but isn’t.

But phishing emails can’t completely replicate the website they’re trying to forge. There are limitations to their power, and while they can rig up a fake form that looks real, they can’t do it on the same website as your bank, school, or something else properly official.

To find out what you’re looking for, first you should know what the URL of the link should be. If it’s a link purportedly from your bank, know the URL of your web banking, and if it’s from PayPal, remember what the link should be. Google it and find out what it is.

When you hover over the email’s link — don’t click — check the URL to see if it matches up.

Good phishing attempts will try to use a combination of the real URL with a domain they own, such as “netbanking.anotherdomain.com” to make it seem official, but obviously, it’s not. That’s similar to what SMS phishing will try to do, so try not to get fooled on either.

Lazy phishing attempts will just make the URL look like anything, and are preying on your likelihood that you won’t, in fact, check the link.

Regardless of what the link looks like, hover over it and don’t click.

Not clicking reduces your chances of getting caught, which is something you definitely don’t want.

When in doubt, call…

If you’re not sure, call the people who the scammers are trying to emulate.

Ignore the numbers in the emails, because they could easily be planted to make you connect to someone who will happily convince you to hand over money.

Instead, head to the source of all relevant information, and call them. If it seems a little strange, always call and find out whether the email is legit.

…and check ScamWatch

And while you’re calling, check out the Australian government’s ScamWatch website to find out whether the scam has been logged.

It’s unlikely the scam is new, and the government offers some great tips to help you stay safe online.

Comments